Fix an issue with executing tmpfs binary.

Suppose that a binary was executed from tmpfs mount, and the text
vnode was reclaimed while the binary was still running.  It is
possible during even the normal operations since tmpfs vnode'
vm_object has swap type, and no references on the vnode is held.  Also
assume that the text vnode was revived for some reason.  Then, on the
process exit or exec, unmapping of the text mapping tries to remove
the text reference from the vnode, but since it went from
recycle/instantiation cycle, there is no reference kept, and assertion
in VOP_UNSET_TEXT_CHECKED() triggers.

Fix this by keeping a use reference on the tmpfs vnode for each exec
reference.  This prevents the vnode reclamation while executable map
entry is active.

Do it by adding per-mount flag MNTK_TEXT_REFS that directs
vop_stdset_text() to add use ref on first vnode text use, and
per-vnode VI_TEXT_REF flag, to record the need on unref in
vop_stdunset_text() on last vnode text use going away.  Set
MNTK_TEXT_REFS for tmpfs mounts.

Reported by:	bdrewery
Tested by:	sbruno, pho (previous version)
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week

1 files changed, 1 insertions, 0 deletions

diff --git a/sys/sys/mount.h b/sys/sys/mount.h
index 998538eadd47..0bd6d9928074 100644
--- a/sys/sys/mount.h
+++ b/sys/sys/mount.h
@@ -398,6 +398,7 @@ void          __mnt_vnode_markerfree_active(struct vnode **mvp, struct mount *);
 #define	MNTK_MARKER		0x00001000
 #define	MNTK_UNMAPPED_BUFS	0x00002000
 #define	MNTK_USES_BCACHE	0x00004000 /* FS uses the buffer cache. */
+#define	MNTK_TEXT_REFS		0x00008000 /* Keep use ref for text */
 #define MNTK_NOASYNC	0x00800000	/* disable async */
 #define MNTK_UNMOUNT	0x01000000	/* unmount in progress */
 #define	MNTK_MWAIT	0x02000000	/* waiting for unmount to finish */